当我尝试重置密码时,我会得到"无效令牌">
发送前的令牌: cBcZbiN8LO9+aIVMbegaj1k5IrJ3fBOKJ/WSH0NZZUgguSgWOFANoVOMp8y5b/481AP/mpnusV1YlmXQ1zFQmi4S/7xYMtRn3IeSIviEWmuxwPF8O41Y1pFQ1tF8GAaw5D4/Y9+olZvII/kh5W8RGn4JT9wrOz/qwtdnYXbYxmjp4i20mLzXWqs9ewVUKIo8FZ+7mXP+sKY Kk+e754tLw==
已收到代币: cbczbin8lo9+aivmbegaj1k5iyrj3fbokj/wsh0nzzuggusgwofanomp8y5b/481ap/mpnus1ylmxq1zfqmi4s/7xymtrn3esiviewmuxwpf8o4y1pfq1tf8gaaw5d4/y9+olzvii/kh5w8rgn4jt9wroz/qwtdnyxbyxmjp4i20mlzxwqs9ewvukio8fz+7mxp+skyk+e754tl w==
正如你所看到的,唯一的区别是,由于某种原因,在生成它时有大写字母,并且它们被更改为小写,这可能是由HttpUtility.UrlEncode/HttpUtility.UrDencode操作引起的?
忘记密码:
string code = await UserManager.GeneratePasswordResetTokenAsync(user.Id);
var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = HttpUtility.UrlEncode(code) }, protocol: Request.Url.Scheme);
await UserManager.SendEmailAsync(user.Id, "Reset Password", string.Format("Please reset your password by clicking <a href='{0}'>here</a>", callbackUrl));
重置密码
var code = HttpUtility.UrlDecode(model.Code);
var result = await UserManager.ResetPasswordAsync(user.Id, code, model.Password);
知道是什么原因造成的吗?
感谢
我在自己的一个类似项目中尝试使用编码/解码,令牌按照预期返回到控制器中。因此,它在我的测试中没有产生相同的"错误"。
话虽如此,你不需要自己编码令牌,asp.net会为你编码令牌字符串,并在再次收到时通过callbackurl对其进行解码。直接使用代币即可:
var callbackUrl = Url.Action("ResetPassword", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
在接收端,也不要对其进行解码。(跳过这一行(var code = HttpUtility.UrlDecode(model.Code);
只需像这样将model.Code直接传递到UserManager方法中,它就会正常工作。asp.net将为您处理编码。
var result = await UserManager.ResetPasswordAsync(user.Id, model.Code, model.Password);
示例:
原始代币oFO0xxL7tLoW7Rfz1Yh2Bblim4x2Yn+6O7FXqwz7NPyRyr80EA9LNjsv+BdCDsTHnJx9nkOpnb+vcoEVczZmL2qnqBxAYQQoCnsgobQVFEHkoAJi0mhDb5stDIP/XytN8qu5d9EUIOUL5IT+9nciG4SQNSp4/x8M1wrLmblEyuvH8/VAwX1S5V+cJpkK8fGSmHunzziwamxt1ERB7A==
Url.Action将对此进行编码并作为链接插入电子邮件oFO0xxL7tLoW7Rfz1Yh2Bblim4x2Yn%2B6O7FXqwz7NPyRyr80EA9LNjsv%2BdCDsTHnJx9nkOpnb%2BvcoEVczZmL2qnqBxAYQQoCnsgobQVFEHkoAJi0mhDb5stDIP%2FXytN8qu5d9EUIOUL5IT%2B9nciG4SQNSp4%2Fx8T5m1wrLmblEyuvH8%2FVAwX1S5V%2Bc JpkK8fGSmHunzziwamxt1ERB7A%3D%3D
差异+和==将被合并为%2B(+(%2F(/(和%3D(=(
在传递到控制器之前由asp.net解码oFO0xxL7tLoW7Rfz1Yh2Bblim4x2Yn+6O7FXqwz7NPyRyr80EA9LNjsv+BdCDsTHnJx9nkOpnb+vcoEVczZmL2qnqBxAYQQoCnsgobQVFEHkoAJi0mhDb5stDIP/XytN8qu5d9EUIOUL5IT+9nciG4SQNSp4/x8T5m1wrLmblEyuvH8/VAwX1S5V+cJpkK8fGSmHunzziwamxt1ER B7A==
与原始令牌相同。